BYOD: Why Mobile Device Management Isn't Enough

Here's what to look for in MDM software and what limitations IT still faces in letting employees use personal devices for work.

Nine out of 10 technology pros think smartphones and tablets will become more important to business productivity in the next couple of years. Seventy-two percent expect to offer more bring-your-own-device options so that employees can access company data with their personal gadgets.

But IT doesn't necessarily see mobile device management software as essential to coping with this proliferation of devices in the workplace. Only 26% of respondents to the InformationWeek Mobile Device Management and Security Survey say their companies have implemented MDM software, and another 17% say they're in the process of deploying it.

Even those companies that have implemented MDM need to make sure their technology and policies really deliver the data security and management efficiency they seek. All MDM software offers the same basic capabilities, such as data wipe and device inventory, so look for additional features that fit with how you use mobile devices. For example, is it a priority for your company to build an app store, or will it need to get hundreds of new people a month on new devices? Buy MDM software optimized to deliver those outcomes.

Too many IT shops are working without this strategic view. They're merely scrambling to meet pressure from the CEO on down to offer BYOD options or increase mobile app access. "Our deployment of mobile solutions is more of a reaction to 'want,' with many of the expected issues from poor planning becoming major issues," laments one of the 307 business technology pros who responded to our survey.

What do employees want to access on their iPhones, Android phones and tablets? The four most-cited resources are email, Microsoft Office applications, VPN and company file servers.

The common trait? Employees need access to corporate data to do work while they're away from the office, and with that data access comes all kinds of security questions: who can access what data, why, when and where -- and what happens when that device goes missing? But mobile data and mobile operating systems present a different security challenge from PCs, which is why just implementing MDM software won't solve IT's BYOD and mobile management headaches. This article spotlights some of the most important factors to consider for those 39% of IT shops now evaluating MDM software -- and even those that don't think they need MDM.

Mobile Is Different

IT organizations first tried to solve the mobile security problem with the same processes they used for laptops and PCs -- tactics such as endpoint protection software, policy enforcement, password complexity and even data leak prevention software. But when your company doesn't own the device (BYOD) or has to deal with hundreds of versions of mobile operating systems, the PC approaches don't cut it.

MDM software vendors promise to enforce security policies, block employees from installing malicious apps and even encrypt data. But MDM is still young technology. No vendor dominates the market, which includes a mix of legacy security vendors and startups focused entirely on mobile.

Among respondent companies using, planning to use or evaluating MDM, only BlackBerry Enterprise Server and Microsoft ActiveSync are currently deployed or planned for use by more than 14%. Some respondents doubt if MDM even belongs in enterprise IT: Among those who say their companies aren't using MDM, 47% say they have "no need." Says one consultant and former CIO in the survey: "A big reason for BYOD is to get out of the equipment business. If you implement MDM, you are back in the equipment business."

We decided to do a hands-on assessment of MDM products. We sent invitations to more than 20 vendors, but only three agreed to take part. Most of the other vendors said they didn't want to participate until the next versions of their software were available. So when would that software be ready? Crickets.

However, the three vendors that participated -- Good Technology, Symantec and Research In Motion -- are good industry representatives, as each approaches MDM in a different way. Symantec is a security vendor with experience in detecting and mitigating threats in large enterprises. Good uses a secure container approach, replacing the corporate email, calendar and file-sharing applications with its own. Its approach requires employees to learn a different interface, but it's the same across Android and Apple devices. RIM, the newest of the three to vendor-neutral MDM, acquired Ubitexx in 2011 to try to build on its enterprise IT customer base by letting customers deploy non-BlackBerry devices using its management software. We took each vendor's product and deployed it in our lab, with access to normal support but no special engineers or on-site techs.

We tested the products for managing iPad 2, iPhone 4S, Android 2.3, Android-based Samsung Galaxy Tab 7, BlackBerry Bold phone and RIM's PlayBook tablet, where the products supported those devices. We left off Windows Mobile because most vendors don't have full support for those devices -- something to consider if you're a Windows shop. Our three reviews are on the accompanying pages; longer versions plus additional survey data are available in our free report.

I have not researched much about BYOD. In my understanding, the use of mobile devices as business workstations will benefit organizations with very low TCO. But, for those, who like to install that feature. Vendors of all operating systems and security software providers will, in the near future, compete to provide an optimized and integrated solution of MDM, as MDM should be a baby of operating systems. Let's see how technology turns itself for the client/mobile phone end.

MDM does not cover access to resources behind the firewall, and mobile VPNs are not the answer. Additionally, as the number of business apps increases, single sign-on will become the next big mobile need... I HATE logging in on my device.

Any consultant who says "A big reason for BYOD is to get out of the equipment business. If you implement MDM, you are back in the equipment business" is taking an enterprise security approach of "if I don't see it, it didn't happen." BYOD only changes the mechanics of device sourcing and nothing else.

Michael - You make a very good point. MDM is not enough; you need a better MDM that has app wrapping and an analyzer to protect data. I would love to show you what we have built at Better MDM (bettermdm.com).

I hate to tout one technology over another, but that's why RT or Citrix has been taking off. Now we in IT don't care what device you have (we specifically say we won't support personal devices BUT - we just say you'll need a client on it to access our infrastructure). And they access the same thing from within the organization, which is just using thin clients. So we keep the entryway limited and locked with less management. The actual build isn't exactly less expensive - as it's around the same when done with all the licensing and backend server needs in lieu of actual PCs. But the TCM is way lower. And seeing as people get to mess around with their personal toys - they are happy too.

While there is a huge upside to what mobile technology can provide... vis-a-vis an enabler... one cannot ignore the prerequisite to devise a concrete solution for securely managing those devices. Once we get control of that aspect, then we can move on to the use cases.

You are right, it isn't about costs all the time, but when all you have is a hammer in IT.....

I have another piece I am writing that focuses on what we should be discussing: mobility in the true sense. Mobility where companies are using mobile to innovate and advance rather than just provide another form of access to corporate resources. I have worked with some companies that have transformed their business because of mobile, such as banks performing mortgages in your house, to hospice nurses giving real-time drug interactions from mobile apps.

We need to talk more about mobility and less about managing mobile devices. Hopefully I got that point across in terms of technology. All MDM is the same, let's move on.

That's exactly the same thing I have argued. One has to look hard at TCO when considering BYOD vs. enterprise-supplied mobile devices. Companies that think pure BYOD will work in the long term would do well to visualize the little boy in front of the leaking dike...